Security is a key concern during online transactions. Commercial Internet transactions, e.g., Internet banking, credit card purchases, etc., are only as secure as the weakest link. Traditional security solutions focus on server-side infrastructure security, e.g., HTTPS web site, two-factor authentication, etc. While the server side has security expert management and maintenance, the end user's computers do not have such benefit.
Current online transaction risks increase due to poor end user security practices. The current solution to end user security tends to focus on end user education, e.g., training end users to recognize phishing attempts and ignore spoofed emails, and installing end-user security software to clean up and secure end-user devices from malicious code, e.g., viruses, spyware, adware, keyloggers, backdoors, Trojans, etc. Solving the end-user device vulnerabilities using the above approach is dependent on end-user efforts, e.g., regular installation of security software updates such as signature files, regular execution of scans, regular application of the security patches, etc.
Additionally, the generally open nature of the Internet makes shared Internet resources, e.g., DNS servers, intermediate routers, etc., susceptible to web site hijacking. Shared Internet resources are not managed by web site owners or end users, making securing these shared resources outside the control of the stakeholders.
A system and method that facilitates protection of an end-user device are needed.